CVE-2009-3736

Severity

69%

Complexity

34%

Confidentiality

165%

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

CVSS 2.0 Base Score 6.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 15 years ago

2009-11-29 13:07:00

Last updated 7 years ago

2017-09-19 01:29:00

Affected Software

GNU libtool 1.5

1.5

References

ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz

Patch

http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec

Patch

http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

FEDORA-2010-1872

FEDORA-2010-1924

FEDORA-2011-1990

FEDORA-2011-1958

FEDORA-2011-1967

[libtool] 20091116 GNU Libtool 2.2.6b released

Patch

[libtool] 20091116 Backport of libltdl changes to branch-1-5

Patch

SUSE-SR:2010:006

37414

Vendor Advisory

37489

Vendor Advisory

37997

38190

38577

38617

38696

38915

39299

39347

43617

55721

GLSA-201311-10

http://support.avaya.com/css/P8/documents/100074869

MDVSA-2009:307

MDVSA-2010:035

MDVSA-2010:091

MDVSA-2010:105

RHSA-2010:0039

37128

Patch

ADV-2011-0574

https://bugzilla.redhat.com/show_bug.cgi?id=537941

Patch

oval:org.mitre.oval:def:11687

oval:org.mitre.oval:def:6951

RHSA-2010:0095

FEDORA-2009-12813

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.